Hello community members,
I am looking to use Splunk as a SIEM tool for my company. Let me brief you about our IT infra.
1) We use Azure, AWS & some on-premise servers. Most of our resources like VMs and services are on Azure.
2) Want a security kind of dashboard where the SOC team can view and report on threats to network, web, servers, etc.
3) I am not sure which of the products offered by Splunk is most relevant to me.
4) I definitely want to go with a cloud-based solution instead of setting up Splunk on a virtual machine.
I am not sure if Splunk has a cloud-based console or not.
5) Please help me with some best industry practices to deploy Splunk. Also, share the steps, guides, or videos to deploy the same.
6) Is there any way I can set up a Zoom (online) meeting call with Splunk to understand the product? On the Splunk support page I did not find any option to request help with product understanding.
Looking to get community support.
This is very high level; I would suggest you really need a workshop with Splunk/Sales/Architect/pre-sales for this, but here's some Splunk food for thought:
I am looking to use Splunk as a SIEM tool for my company. Let me brief you about our IT infra.
Splunk ES (SIEM) is most likely what you're looking for. Note, this is a premium application, so it needs an additional licence. ES is mainly for SOC use; it has many of the functions they need, and provides visibility for your security events, intelligence, and stats, and then some!
The other alternative is Splunk's free InfoSec App (this is not a SIEM in the strict sense, but it can also provide some good visibility into security aspects).
These links will help you find out more information.
Splunk ES
https://www.splunk.com/en_us/products/enterprise-security.html
Splunk ES SIEM App
https://splunkbase.splunk.com/app/263
Splunk Info Sec App
https://splunkbase.splunk.com/app/4240
Splunk Use Case Library
https://splunkbase.splunk.com/app/3435
1) We use Azure, AWS & some on-premise servers. Most of our resources like VMs and services are on Azure.
Splunk supports many common data sources, so the ones you have listed will be fine; the data will need to be onboarded correctly for the ES SIEM to search it. Use Splunkbase to find the various data source add-ons that Splunk supports:
https://splunkbase.splunk.com/
2) Want a security kind of dashboard where the SOC team can view and report on threats to network, web, servers, etc.
This will show you the various dashboards ES provides: https://docs.splunk.com/Documentation/ES/7.3.1/User/Domaindashboards
3) I am not sure which of the products offered by Splunk is most relevant to me.
What products are most relevant to you? Well, this depends on your use cases and how your SOC operates. I would suggest you contact Splunk and perhaps run a workshop to discover your business requirements. There are many apps: Splunk ES, Mission Control, UBA, SOAR. For you it sounds like ES; due to the complexity, integrations and business requirements, a workshop would be better for you to thrash out all the details and have a strategy.
4) I definitely want to go with a cloud-based solution instead of setting up Splunk on a virtual machine.
Splunk Cloud removes the admin overhead of managing local Splunk instances; you just manage the data forwarding tier and feed that into Splunk Cloud, so it depends on your business strategy, on-premise vs. cloud.
I am not sure if Splunk has a cloud-based console or not.
For Splunk Cloud, the login is known as a search head; this provides you with various apps like ES and various other Splunk features.
5) Please help me with some best industry practices to deploy Splunk. Also, share the steps, guides, or videos to deploy the same.
Start here:
Splunk basic concepts
https://www.splunk.com/en_us/blog/learn/splunk-tutorials.html
When deploying Splunk, it's important to follow best practices to ensure a successful implementation. Some key steps include:
Define your use cases and objectives for using Splunk.
Plan your data collection strategy, including identifying sources of data to ingest into Splunk.
Design your Splunk environment, considering factors such as data volume, retention requirements, and performance needs.
Install and configure Splunk components according to your design, ensuring proper integration with your IT infrastructure.
Test your deployment to verify functionality and performance.
Train your users and administrators on how to use Splunk effectively for monitoring, analysis, and reporting.
Continuously monitor and optimize your Splunk deployment to meet evolving business needs and security requirements.
For detailed guidance on deploying Splunk, you can refer to Splunk documentation, online resources, and training courses available from Splunk. Additionally, Splunk's professional services team can provide expert assistance with deployment planning, implementation, and optimization.